W32.Gibe.C@mm

W32.Gibe.C@mm is a variant of W32.Gibe.B@mm. The worm attempts to spread through Email, KaZaA, and IRC. It uses Microsoft Outlook to email itself to all the contacts in the Windows Address Book. W32.Gibe.C@mm will display a message titled, Microsoft Internet Update Pack," if the computer has already been infected with this worm.

The email message has a randomly chosen subject, message, and attachment, which will have either a .exe or .zip file extension. W32.Gibe.C@mm may send itself to some specified new groups, whose URL are carried by the worm.

This threat is written in Microsoft Visual Basic (VB). The VB run-time libraries must be installed on the computer to execute.

NOTE: Definitions dated prior to March 19th, 2003 may detect this threat as W32.HLLW.Begbie@mm.

Protection

• Initial Rapid Release version March 17, 2003
• Latest Rapid Release version March 17, 2003
• Initial Daily Certified version March 17, 2003
• Latest Daily Certified version March 17, 2003
• Initial Weekly Certified release date March 19, 2003

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Moderate

Damage

• Damage Level: Medium

Distribution

• Distribution Level: High